Presentation Title IT Strategy Board March 6, 2020 Presenter - - PowerPoint PPT Presentation



slide-1
SLIDE 1

Presentation Title

Month Day, Year

Presenter

Presenter Title

IT Strategy Board

March 6, 2020

slide-2
SLIDE 2

Board Member Powers and Duties

Tracy Doaks

Secretary and State CIO

slide-3
SLIDE 3

Board Member Powers and Duties

(1) To advise the State CIO on policies and procedures to develop, review, and update the State Information Technology Plan.

(2) To establish necessary committees to identify and share industry best practices and new development and to identify existing State information technology problems and deficiencies.

(3) To establish guidelines regarding the review of project planning and management, information sharing, and administrative and technical review procedures involving State-owned or State-supported technology and infrastructure.

(4) To establish ad hoc technical advisory groups to study and make recommendations on specific topics, including work groups to establish, coordinate, and prioritize needs.

slide-4
SLIDE 4

Powers and Duties (continued)

(5) To assist the State CIO in recommending to the Governor and the General Assembly a prioritized list of enterprise initiatives for which new or additional funding is needed.

(6) To recommend business system technology projects to the Department and the General Assembly that meet the following criteria:

  • a. A defined start and end point.
  • b. Specific objectives that signify completion.
  • c. Designed to implement or deliver a unique product, system, or service pertaining to business system technology.

(7) To develop and maintain a five-year prioritization plan for future business system technology projects.

slide-5
SLIDE 5

Ethics Awareness, Conflict of Interest Reminder, Public Records

Anna Szamosi

Deputy General Counsel

slide-6
SLIDE 6

Ethics Awareness

  • Ethics Act
  • As of today, this board is not covered by the Ethics Act
  • If the Commission does determine that this board is covered by the Ethics Act, all members will be required to complete a Statement of Economic Interest (SEI) and Ethics training, if you have not already.
  • Regardless, the proposed bylaws also prohibit members from participating in discussions or votes where you may have a conflict of interest

slide-7
SLIDE 7

Public Meetings

  • All official meetings of public bodies are open to the public
  • Official meetings for this board commence when a quorum of members is met
  • Meetings can be closed for certain reasons, including when the board needs to discuss confidential information, confidential IT procurement bids, and so forth
  • DIT staff will assist with required notice and posting requirements for the board

slide-8
SLIDE 8

Public Records

"Public record" or "public records" shall mean all documents, papers, letters, maps, books, photographs, films, sound recordings, magnetic or other tapes, electronic data-processing records, artifacts, or other documentary material, regardless of physical form or characteristics, made or received pursuant to law or ordinance in connection with the transaction of public business by any agency of North Carolina government or its subdivisions.

  • Public records are the property of the people of North Carolina
  • Unless an exception applies, NCDIT must turn over records to anyone who makes a request
  • This includes emails, text messages, voicemail recordings and transcripts, etc.
  • Any emails, texts, notes, etc. created in connection with your duties as a member of this board will likely be considered a public record

slide-9
SLIDE 9

Exceptions to the Public Records Act

  • Communications of an attorney to an agency or board regarding pending litigation or proceeding where the agency is a party to or is directly affected by the litigation or proceeding

  • Trade secrets (intellectual property, vendor customer lists)
  • Personally identifying information
  • Certain meeting minutes of closed public body meetings
  • Network & security features of IT systems
  • Procurement information prior to award to a vendor
  • Security and risk assessment reports
slide-10
SLIDE 10

Applicability to the IT Strategy Board

  • Any emails, texts, notes, etc. created in connection with your duties as a member of this board will likely be considered a public record
  • This includes records contained in your personal email or on personal devices created while transacting official business for the board
  • If you do not already have a state-issued email account, NCDIT can issue you one to use for board purposes

slide-11
SLIDE 11

Board Member Service Requirement

  • Per the Office of State Human Resources, all members of state boards and commissions are considered temporary state employees, even if they are not paid
  • All members who are not already state employees must complete an application form and an Employment Eligibility Verification form (I-9)
  • The I-9 form requires copies of ID, SSN card, etc.
  • Bring documentation to next meeting. A representative from OSHR will be in attendance to collect this information.

slide-12
SLIDE 12

Review Draft Bylaws for Consideration

Anna Szamosi

Deputy General Counsel

slide-13
SLIDE 13

IT Strategy Board Bylaws

  • G.S. 143B-1337 requires that the board establish bylaws that contain rules governing your meeting procedures
  • Please review the bylaws that will be provided to you, and provide feedback by the end of March

slide-14
SLIDE 14

Overview of the Draft Bylaws

  • Article 1:
  • Name
  • Purpose
  • Membership of the Board
  • Article 2:
  • Powers & duties
  • Chair & vice-chair
  • Member service
  • Meeting logistics
  • Article 3:
  • Committees
  • Article 4:
  • Ad hoc technical advisory groups
  • Article 5:
  • Amendments
slide-15
SLIDE 15

Questions?

slide-16
SLIDE 16

Introduction to NCDIT

Tracy Doaks

Secretary and State CIO

slide-17
SLIDE 17

Who We Are

Mission: To promote a stronger North Carolina that connects customers, citizens, business, education and government

Purpose: To innovatively unite business and IT to meet the needs of our citizens by delivering shared services to state agencies, local governments, and educational institutions across the state

slide-18
SLIDE 18

Who We Are

slide-19
SLIDE 19

Our History

  • 1983 - created as the State Information Processing Services in the Office of State Controller
  • 1997 - moved to the Department of Commerce, then to the Office of the Governor as the Office of Information Technology Services.
  • 2015 - established in legislation as a cabinet-level department to unify state IT resources to gain efficiencies

slide-20
SLIDE 20

Unifying IT Resources

  • Completing in two phases
  • Phase I
  • Transition IT employees under the operational control of NCDIT
  • Employees will remain in their current physical locations
  • HR actions, activities and decisions are the responsibility of NCDIT upon the date of transfer

slide-21
SLIDE 21

Unifying IT Resources

  • Nine agencies transferred to date
  • Transportation
  • Public Safety
  • Environmental Quality
  • Military and Veterans Affairs
  • Administration
  • Cultural and Natural Resources
  • Office of the Governor
  • Budget and Management
  • Human Resources
slide-22
SLIDE 22

Unifying IT Resources

  • Phase II
  • Will focus on analysis of business operations and processes to ensure the most effective and efficient use of IT resources
  • NCDIT will also assume full budgetary authority of the positions through the implementation of a new fiscal model

slide-23
SLIDE 23
slide-24
SLIDE 24

Service Delivery and IT Solutions

Glenn Poplawski

State Solutions Director

slide-25
SLIDE 25

Digital Technology Ecosystem

[Diagram: Digital Technology Ecosystem. Recoverable labels follow.]

Compute Models App Services Platforms

  • Containers: Maximum portability
  • Virtual Server: Leverage existing languages and tools
  • Platform as a Service: Extensive runtime options
  • Serverless: Maximum speed with serverless apps

Layers and service groups: Security; Analytic/Data Services; Digital Commons; Transactional/Automation Services; Identity and Access Management; Identity/Access Services; * Cloud Service Broker; Data Integration; AI Layer; Common Interoperable framework; Integration Layer; GIS Data Services

Service labels, in extraction order: BI/Analytics BI/Analytics Large Scale BI/Analytics Social Media Analytics Mobile Device Mgmt Endpoint Mgmt/Security Anti-Spam Email Filtering Data Loss Prevention A/V Cloud Access Security Broker Security Info & Event Management Vulnerability Management Threat Intelligence IPS/IDS Security Ratings Application Delivery CC/ACH Intelligent Automation (e.g. RPA) CC/ACH CC/ACH DDOS Defence Network Security Policy Mgmt

*Not currently implemented but capability needed

slide-26
SLIDE 26

Enabling Digital Transformation

People

Digital workforce training Culture of cross-org collaboration Enabling our talent Mindset

Processes

Agile, nimble, iterative Data Governance + standards Right KPIs Procurement

Technology

Broadband Modern platforms + Cloud Analytics New channels (i.e. chatbots, Alexa) AI including RPA Security Integration (API LCM, IPaaS) eForms capability

Benefits for Citizens

  • Simpler, faster, more intuitive experiences with state government.

  • Transparent, open, accessible government
  • Security and privacy

Benefits for State Government

  • Cost savings and efficiencies
  • Decreased call center volume and fewer office visits
  • Engaged, productive staff
  • Better positioned for workforce of the future

Learn more: DIT IT Plan: https://it.nc.gov/roadmap

slide-27
SLIDE 27

Cybersecurity

Maria Thompson

State Risk Officer

slide-28
SLIDE 28

Mission

Provides leadership in the development, delivery and maintenance of an information security and risk management program that safeguards the state's information assets and the supporting infrastructure against unauthorized use, disclosure, modification, damage or loss.

Enterprise Security and Risk Management Office (ESRMO)

slide-29
SLIDE 29

ESRMO

  • Supports a comprehensive statewide program that encompasses information security implementation, monitoring, threat and vulnerability management, cyber incident management and enterprise business continuity management.
  • Works with executive branch agencies to help them comply with legal and regulatory requirements, the statewide technical architecture, policies, industry best practices, and other requirements.
  • Works with state agencies, federal and local governments, citizens and private-sector businesses to help manage risk to support secure and sustainable IT services to meet the needs of North Carolinians.

slide-30
SLIDE 30

Why is Cybersecurity Important?

Key component of any risk management strategy

  • State and local government IT struggle with obtaining and building it into business requirements
  • Shadow IT activities are prevalent throughout the state
  • State agencies, local government and academia are resource constrained – lack of manpower
  • Local county networks host critical services for the state
  • Critical infrastructure, e.g. elections, water, power etc.
  • Life and safety services, e.g. 911, health, public safety
  • Current decentralized cyber practices, ad hoc cyber budgeting and lack of accountability for cyber risks lead to inconsistent cyber approach and poor risk management

  • Limited network visibility
  • Legacy systems with no maintenance or patch support
  • Ineffective identity, credential and access management
  • Slow incident response capabilities
slide-31
SLIDE 31

Strategic Objectives

Key Initiatives

  • Develop, implement and fund a statewide cyber incident response capability to support secure citizen engagements
  • Reduce the risks to the state’s critical infrastructure by collaborating with local government
  • Advance the state’s cyber workforce through education and collaboration with K-12 and higher education
  • Protect and secure statewide government and academic networks
  • Assess, trend and evaluate emerging cyber risks to the state
  • Support federal and state partners in combatting cybercrime targeting citizens and small businesses
  • Establish a statewide privacy program to address growing concerns on data management practices

slide-32
SLIDE 32

Whole-of-State Cyber Approach

Eliminating all risks is virtually impossible— unifying cyber, managing risks and building resilience will be the key to a more secure state!

  • BitSight monitoring of local county infrastructure
  • Pilot program for continuous monitoring of local county network traffic
  • Developed Statewide Significant Cyber Incident Plan
  • Established statewide information sharing under HB 217
  • Cyber incident response and training support utilizing National Guard Defensive Cyber Operations team and local IT Strike teams

slide-33
SLIDE 33

NC Reported Ransomware Attacks

Date         Affected Entity                             Ransomware/Malware
Feb. 2016    Durham                                      Unknown
Dec. 2017    Mecklenburg County                          LockCrypt
Feb. 2018    Davidson County                             SamSam
May 2018     Pasquotank County                           Scarab
Oct. 2018    Onslow County Water and Sewer               Ryuk
Nov. 2018    City of Durham                              Unknown
March 2019   Orange County (hit 3 times in 6 yrs)        Ryuk
March 2019   Pasquotank-Camden EMS                       Unknown
March 2019   Robeson County                              Ryuk
April 2019   City of Greenville                          RobinHood
July 2019    Richmond Community College                  Ryuk
Aug. 2019    Lincoln County Sheriffs Office/911 (X2)     DoppelPaymer
Sept. 2019   NC Wildlife Resources Commission            DoppelPaymer
Oct. 2019    NC State Bar                                Neshta (dropper)
Oct. 2019    Columbus County School System (x17)         Ryuk
Oct. 2019    ABC Board (x21)                             Sodinokibi
Dec. 2019    EBCI                                        Sodinokibi (Insider Threat)
Jan. 2020    Duplin County                               Ryuk

slide-34
SLIDE 34

Govt Supporting Govt – NC National Guard

slide-35
SLIDE 35

Continuous Monitoring & Annual Compliance Reporting

  • N.C.G.S. 143B-1376 requires the State CIO to annually assess the ability of each agency and their contracted vendors to comply with the current enterprise-wide set of security standards. The information gathered is used to build out the State IT Plan. These assessments include, at a minimum:
  • 1. Rate of compliance with the enterprise-wide security standards
  • 2. Estimate of cost to implement deficient security measures
  • 3. Assessment of Security Organization
  • Security practices
  • Security industry standards
  • Network security architecture
  • Current expenditures of state funds for IT security
  • ESRMO has developed a Continuous Monitoring Plan that requires all agencies to complete an annual risk and security assessment and have ongoing processes in place to assess the current posture of the environment.
  • All critical systems must obtain a third-party assessment within a 3-year cycle. In the off-years, agencies conduct an annual self-assessment.

slide-36
SLIDE 36

General Discussion & Q & A

slide-37
SLIDE 37
slide-38
SLIDE 38

Let’s Connect!

NC Department of Information Technology

it.nc.gov

@NCDIT @BroadbandIO @ncicenter